From 1098a7da1e064cedd66ecd51e54beb29293e0b04 Mon Sep 17 00:00:00 2001
From: rwv <7891383+rwv@users.noreply.github.com>
Date: Thu, 1 Aug 2024 16:38:11 +0800
Subject: [PATCH] chore: generate provenance statements for nightly npm package

See Also: https://docs.npmjs.com/generating-provenance-statements#about-npm-provenance
---
 .github/workflows/release_nightly.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release_nightly.yml b/.github/workflows/release_nightly.yml
index f5b9eb6f9..8c02b96e5 100644
--- a/.github/workflows/release_nightly.yml
+++ b/.github/workflows/release_nightly.yml
@@ -309,6 +309,9 @@ jobs:
     needs: create-nightly-release
     if: needs.create-nightly-release.outputs.is_active == 'true'
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      id-token: write
     strategy:
       matrix:
         demo: [false, true]
@@ -393,7 +396,7 @@ jobs:
       - name: Publish npm package
         if: ${{ !matrix.demo }}
         # npm scoped packages are private by default, explicitly make public
-        run: npm publish --access public
+        run: npm publish --access public --provenance
         continue-on-error: true
         working-directory: web/packages/selfhosted/dist
         env: